Cybersecurity, Reliability & CIP

Four years ago, Congress made its wishes known: it tabbed the National Institute of Standards and Technology to develop a set of standards for the smart grid, and then instructed FERC, the Federal Energy Regulatory Commission “adopt” those standards, but only after finding a ”sufficient consensus,” and only “as may be necessary” to assure “functionality and interoperability.” Yet what is known is not necessarily clear. Who decides if consensus prevails? What does “interoperability” mean? Should FERC’s “necessary” finding extend to retail smart grid applications, arguably outside its purview? And the biggest dispute — must standards be mandatory? — finds PJM at odds with much of the utility industry.

While it’s theoretically possible to keep the lights on with a much smaller reserve than the U.S. utility industry historically has maintained, the costs of doing so might be higher than some analyses suggest. As demand response plays a growing role on the grid—and as system planners reconsider reserve margins and reliability standards—quantitative risk analysis will guide resource adequacy decisions.

Smart grid is a global phenomenon, but different countries are taking different approaches—for different reasons. For instance, utilities in Europe are more focused on laying the foundation for distributed generation and microgrids, while the United States is more concerned about creating standards for interoperability and security. Understanding the differences can help decision makers deploy smart grid technology effectively and economically.

The case backlog of unprocessed electric reliability violations is growing out of control, threatening to “swamp” the industry — a sign, perhaps, that when Congress and FERC modernized the electric reliability regime to serve a more market-based industry structure, and for the first time gave enforcement authority to North American Reliability Corp. (NERC) as the nation’s official electric reliability czar, no one gave much thought, apparently, as to whether NERC’s very idea of what constitutes reliability might have needed modernizing as well.

Now that wireless carriers are promoting their networks as a cost-effective communications platform for smart grid data, they face legitimate questions about fundamental performance issues. But if public networks turn out to be the better choice in many cases, utilities might have some explaining to do before state commissions.

In the new world of the smart grid, security isn’t a destination. It’s a sustained effort with ongoing investments across core areas of the utility enterprise.

An increased reliance on renewable energy could threaten reliability of the nation’s electric transmission grids by reducing the rotational mass and rotational inertia of on-line turbine generators, thus, reducing the capability of generators to respond to drops in voltage frequency. In fact, data collected from 1994 to 2009 for the Eastern Interconnection already reveals a drop in the grid’s capability (as measured in megawatts) to stop a very rapid drop in frequency — such as a drop of a tenth of a cycle per second.

Utilities are using automation and back-office systems to improve their performance on outage management and service restoration. The next generation of smart-grid technologies promises a revolution in self-healing systems. But first the industry must gain confidence in the technology—and the business case for investment.

Who will oversee the industry’s cyber standards? Effective security calls for a single organization to set standards that will protect the smart grid. The industry is struggling to reach consensus over authority, scope and funding for its new security apparatus.

Bad news from the front lines in the cyber-security war: Little meaningful progress has been made toward safeguarding the nation’s electric grid from malicious attacks. Initial cyber-security assessments and audits suggest few companies really are ready to implement the first wave of NERC critical infrastructure protection (CIP) standards, despite the fact the utility industry drafted the regulations.